Hellhounds: Operation Lahat. Part 2


In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat.

The report focused on the group’s attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds continued to attack organizations located in Russia, reaching at least 48 confirmed victims by Q2 2024. While responding to an incident at a transportation company, the PT ESC CSIRT team detected previously unreported attacks on Windows-based infrastructure, in addition to already-known TTPs (Tactics, Techniques, and Procedures) and attacks on Linux hosts. The new investigation also found that Hellhounds had been successfully hitting Russian companies since at least 2021. Development of the malware is known to have begun at least as early as 2019.

Source: Positive Technologies

